Rest assured, there is no global conspiracy to bug you with update notifications. As you may have noticed, unpatched software enables a large proportion of cyberattacks, which is why developers are constantly fixing vulnerabilities in their programs, and why you’re constantly getting alerts about updates. Update the software, patch the vulnerabilities, foil the crooks.
To learn more about the situation, we investigated user attitudes about updates in two dozen countries. It turned out that every other person we surveyed is inclined to click “Remind me later.” That being the case, here’s a handy list of the five most important types of software to update — the ones worth tearing yourself away from work or play.
1. Operating system
The operating system is the shell within which all programs on your computer or mobile device run, so security problems here can have very serious consequences. By exploiting a vulnerability in the operating system, cybercriminals can encrypt your data and demand ransom for it, mine cryptocurrency on your hardware, intercept your payment details, discover materials for extortion, and more.
Operating system attacks are some of the most massive and destructive attacks out there. For example, through a vulnerability in Windows, WannaCry and NotPetya ransomware compromised hundreds of thousands of computers worldwide, leading to losses in the billions of dollars (read more about it in our history of ransomware post). The Windows updates that addressed the vulnerability — the updates that would have thwarted the attacks — had long been available for download at the time of both WannaCry and NotPetya outbreaks.
Tracing and fixing vulnerabilities in operating systems is an ongoing process, so updates should be regular. This applies to both computers and mobile devices.
Browsers, too, can give attackers access to a device. For example, cybercriminals can inject a malicious script into website code for drive-by attacks; victims need only open a Web page to pick up the malware.
The creators of an exploit for Chrome carried out such an attack, using a browser vulnerability to download a Trojan to victims’ computers. Although Chrome’s developers quickly released an update that patched the vulnerability, users who put off installing it remained easy prey.
Don’t forget about preinstalled browsers such as Safari or Edge. Even if you opened it only once to download Firefox or Chrome, it is still there. Some attacks harness programs that are simply in the system, regardless of whether you use them. Users of iOS and iPadOS versions older than 14.2 had to reckon with a bug in the Safari engine that allowed attackers to run other programs.
3. Office productivity software
We are forever viewing and editing documents, so it should come as no surprise that cybercriminals often use bugs in the Microsoft Office and Adobe suites for attacks.
For example, cybercriminals used a vulnerability in Microsoft Word’s DDE feature to download Locky ransomware to victims’ devices. A ransom demand followed, with a threat to destroy or publish confidential data. A short while later, Microsoft released a patch. The moral of the story: To keep your files, reputation, and money safe, update office software the moment you can.
4. Bank apps
Financial apps are among the juiciest targets for cybercriminals because a successful attack gets them directly inside the victim’s wallet. Banks understand that, of course, and constantly update their apps to improve protection. The main thing is to install updates as soon as they become available.
5. Antivirus software
It should go without saying that you also need to keep your security software up to date. New Trojans and viruses appear every single day; in the second half of 2020 alone, Kaspersky security products detected attacks by 80 million unique malicious objects. To keep you safe from cyberinfections, your antivirus protection needs regular and timely updates.
Your antivirus utility probably already updates itself by default, which is both convenient and security-centric, but just in case, check the settings to make sure. Both antivirus software and the malware databases on which it relies need regular, automatic updating.
If you want your computer and smartphone to serve you and protect your personal data for a long time, it’s important to consider protection at every level, including timely updates of software, in particular:
- Operating systems,
- Browsers (all of ’em),
- Office productivity software,
- Bank apps,
- And, of course, your security solution.
What to do while installing updates
One last thing. We are used to having digital devices at our beck and call, so a computer or smartphone being out of commission while installing a system update can be rather discombobulating.
But there is more to life than technology, if you can believe it. Think about things you’ve wanted to do, if you could only find the time. Breathe some fresh air? Call your parents or kids? Get some exercise? Click that “Update” button, and get yourself busy elsewhere. It’s a win-win.
To make exercise more interesting, we asked popular blogger, yoga teacher, and former elite gymnast Shona Vertue to develop a special workout routine, one that’s just the right length to keep the body active during a “medium-scale” update of an operating system. The exercises are designed especially for infoworkers — people with sedentary occupations are prone to posture problems. It’s important to update yourself too, not just your software.